There's Something About IPv6...

Tell us about yourself, Owen – how did you get into computers, and how long have you been in the industry?

OD:

I first got into computers one night when my father got stuck babysitting and needed to do some of his "homework" for a data processing class at the local community college (Contra Costa College). I was very young (around 7 or 8 I think, maybe younger), but they showed me a set of tutorials on BASIC and I went through all of them with great interest. Then I started exploring other games and programs on the system. There was a plotter which simply fascinated me. I was hooked ever since, even making arrangements to transfer to a different high school because they had a PDP-11. I've been in the industry in one form or another for more than 25 years.

SCALE:

How did you get involved with networking (as opposed to servers, or writing code or anything else)?

OD:

I started out initially as a software developer. I never got particularly good at it and I never really enjoyed it. I rapidly moved towards UNIX systems administration. I first got exposed to TCP/IP networking while I was working at Wind River Systems back in the mid 1980s. From WRS, I moved on to Sun Microsystems, again as a systems administrator. At Sun I learned a lot more about networking and the "big-I Internet". My next few jobs trended towards more and more networking and less and less systems administration. The fact that I had strong skills in both areas tended to make me a valuable candidate since most systems administrators back then wanted to treat the network as a black box and most network engineers didn't want to know much about the systems they were dealing with. I was the guy that got in the middle of the finger pointing and found the problems on both sides.

SCALE:

How did you come up to speed on IPV6?

OD:

I started paying attention to IPv6 back in the early 90s when it was still being discussed as IPNG. At the time I was working for Netcom Online as a network support engineer. Over the years, I payed less and more attention to it as it developed. Unfortunately, I didn't have the time to try and participate actively in the IETF working groups and today I really wish I had. About 10 years ago, I started getting active in the ARIN[1] public policy process[2] and became aware of just how fast the IANA[3] IPv4 free pool was beginning to dwindle. In late 2007, i was elected to my first 3-year term on the ARIN Advisory Council starting January 1, 2008. I am now in my second term, having been re-elected at the end of last year. I was always trying to get my employers to pay attention to IPv6 and let me get moving on getting it deployed, but, gained little traction. In mid-2009, the startup I was working for folded and I arranged to start working at Hurricane Electric and IPv6 was rapidly a big part of my life. While I had a good basic understanding of IPv6, my first few months at HE rapidly filled in the holes in my understanding. The tutorials on http://www.tunnelbroker.net were a great refresher and got me going on finishing the IPv6 deployment at home as well.

[1] The American Registry for Internet Numbers is the Regional Internet Registry responsible for the US, Canada, and most of the Caribbean.

[2] The ARIN public policy process is handled in two public policy meetings each year as well as on the Public Policy Mailing List (arin-ppml@arin.net).It is a bottom-up process in which any member of the IP using community is welcome to participate. More information is at http://www.arin.net under the "Participate" menu tab.

[3] The Internet Assigned Numbers Authority is the organization responsible for maintaining the central free pools and delegating IP addresses andAutonomous System numbers to the Regional Internet Registries.

SCALE:

Wwhat are the major differences between IPV4 and IPV6?

OD:

Mostly 96 more bits, no magic.

Seriously, though, the major differences are really a matter of perspective. If you're Joe average user, then, for the most part, if you notice the differences, it means that the systems administrators and network administrators have done something wrong. To the end user there should be no difference.

To the systems administrator, the differences should be pretty minor. Mostly around troubleshooting things like neighbor discovery (replaces ARP), the existence and use of link local addresses, and the differences between DHCPv4 and SLAAC and DHCPv6. A smaller issue will be things like DNS zones for IPv6 reverse addresses and the use of AAAA records for IPv6 vs. A records for IPv4.

There's a lot of discussion about the lack of NAT in IPv6 being a big deal, but, the reality is that not having NAT is a feature. There's a common misconception that NAT is a security tool, but, you can get all of the security from stateful inspection without having to change the addresses in the packet (NAT).

To the network administrator, there are some significant differences, but most of them can be learned fairly quickly. Mostly it's about how you configure different routing protocols to handle multiple address families.

To the software developer, there are some changes to the socket libraries that are significant, and, of course anywhere your UI, API, logs, databases, etc. touch IP addresses, you'll need to update your code accordingly.

SCALE:

Why should we care about IPV6 at this point in time?

OD:

As I write this, there are still 7 large blocks known as "/8s" sitting in the IANA free pool. Each of these blocks is roughly 16.7 million IP addresses. Soundslike a lot, right?

Well, last year we went through them at an average rate of 2 per month. Nobody has gotten any yet this month. I fully expect that any day now,we'll see the routine announcement from IANA that APNIC just received two more /8s. At that point, we'll see the less routine announcement that theremaining 5 /8s have been given out 1 /8 to each Regional Internet Registry. At that point, the IANA will not have any more IPv4 addresses in the global free pool. Again, I expect this to happen any day now. Almost certainly this month.

There is lots of talk about multiple layers of NAT, NAT64, Dual-Stack Lite, and other solutions to try and extend people who can't get any IPv4addresses some form of life-line to connect to the IPv4 internet.

The reality is that all of these so called solutions have the following properties in common:

Provide inferior IPv4 access.

Some things that we take for granted on the internet today will not work through these solutions.

They are costly to implement and more costly to maintain.

User experience with them will be generally poor.

They do not scale and the more users that are trying to use them, the more they break.

Other than DS-Lite, none of them provide a clean exit strategy to IPv6.

If you are running public facing servers or services or producing public facing content, you want to get that stuff to where it is available to both IPv6 and IPv4 as soon as possible at this point. Failure to do so may become a business continuity issue in less than a year. Basically, if your users start experiencing a poor user experience on your site, they will eventually find the IPv6-capable sites that give them a good user experience and shift their focus.

SCALE:

What does IPV6 mean to the home computer user? How will it impact them?

OD:

Unfortunately, I expect this may be the biggest impact area. Let's face it, here we have the group that uses the most addresses (in aggregate, not individually), provides the smallest amount of revenue, and has the fewest options in terms of choice of carrier to move to if their service is degraded or dysfunctional.

That combination of factors means that when addresses get scarce, the providers that do both end-user and other services will likely start moving end-users to IPv6 or multi-layer NAT and moving their public IP addresses over to other more profitable uses. At least in the case of NAT64, DS-LITE, and native IPv6, the users can get to IPv6 sites without degraded service.

If they are unfortunate enough to be with a provider that uses multi-layer NAT, they're not only in for a rough road, but, the road leads to a dead-end in that it doesn't really provide any migratory path towards IPv6.

SCALE:

How would the home computer user, with a mix of Windows, Linux and Mac computers, plus the assorted other network device, implement an IPV6 network?

OD:

Well, ideally, they shouldn't have to do anything. Ideally, when their service provider is ready (which should be relatively soon), they should get the new home gateway box from their provider and it should plug in in place of the old one and just work for both protocols.

In the worst case, they'll have to learn more than they ever wanted to know about protocols and get their own dual-stack capable equipment and conduct their own migration the hard way, possibly even having to push their ISP to give them IPv6 on anything like a reasonable time frame.

While IPv4 and IPv6 don't interoperate, they do coexist perfectly well on the same network together.

Windows (newer than XP), Linux (2.4+) and Mac (OSX 10.3+) all have support for IPv6 built into the operating system. Some older versions also have some IPv6 support, but, those are the versions where it became mostly functional at the basic level.

However, one of the worst problems facing the home user is that the entire home entertainment industry seems oblivious to this major change. Indeed, my efforts to bring it to their attention have been greeted with dismissal, denial and in some cases outright hostility.

As an example, here's what I have at home:

Device

IP Support

Status

Juniper SRX-100

IPv4/IPv6

Primary Internet Gateway

Livingston PM-2

IPv4

This box is ancient. Line was discontinued before IPv6.

Yamaha RX-V3900

IPv4

Yamaha has not announced any plans for IPv6. My efforts to discuss the subject with them have been met with silence.

TiVO (HD, HDXL, Premier)

IPv4

TiVO has stated they have no plans to support IPv6.

Sony PS-2

IPv4

I suspect Sony won't bother with this

Sony PS-3

IPv4

Sony has not announced any plans for IPv6 on the PS-3

Nintendo Wii

IPv4

Nintendo has not announced any plans for IPv6

iMAC 24" Intel Core2 Duo

IPv4/IPv6

iMac 27" Intel i7 quad core

IPv4/IPv6

Mac Mini

IPv4/IPv6

Macbook Pro 17"

IPv4/IPv6

(pre-unibody, back-up laptop)

Macbook Pro 17"

IPv4/IPv6

(unibody, daily driver laptop)

Toshiba HD-A30

IPv4

HD DVD Player (yeah, I know). Probably no hope here.

Apple Time Capsule

IPv4/IPv6

Single-radio version, 1TB

Apple Time Capsule

IPv4/IPv6

Dual-radio version, 2TB

Generic PC

IPv4/IPv6

Linux box, primary server (DNS, WEB, DHCP, etc.)

HP OJ Pro 8500

IPv4/IPv6

Print/Scan/Fax/Copier

HP Deskjet 1700

IPv4

Older large format printer, probably no hope here.

Notice that the vast majority of the IPv4-only boxes are from the Home Entertainment industry. It's a huge gaping hole. It also applies to software. I am not aware of ANY of the MMORPGs being ready for IPv6. In spite of all the problems it has with NAT, to the best of my knowledge even the Xbox 360 does not support IPv6 at this time.

SCALE:

Would a hybrid IPV4/V6 network work for a home Linux user? What about a corporate environment?

OD:

It's working great in my house and my office. I don't see any reason it should be a problem elsewhere. Seriously, it requires some planning and some effort, but, generally, that's mostly the implementing IPv6 part. There's no need to turn IPv4 off to turn IPv6 on. They coexist quite nicely and that is the ideal transition mechanism.

Owen DeLong is an IPv6 Evangelist at Hurricane Electric and a member of the ARIN Advisory Council. He brings more than 25 years of industry experience. He is an active member of the systems administration, operations, and IP Policy communities. He'll be speaking on "IPv6 Basics for Linux Administrators" at SCALE.